Microsoft Security Essentials: Does it have a Place in the Business World?

Introduction

Microsoft recently released Security Essentials, a free anti-virus and anti-malware "pack" for Windows XP, Vista and Windows 7. The software was created with consumers in mind, but, in a tight economy some businesses will undoubtedly be tempted to use it for PCs on their company networks. Is it a good idea? What are the drawbacks? This article takes a look at this replacement for Windows Live OneCare and helps you decide whether deploying it in your business is a great way to save money, an invitation to disaster, or something in between.

Download and Installation

For those businesses with an international presence, MSE is available for many different languages and locales. It can be installed on Windows XP (32 bit only), Vista (32 or 64 bit) and Windows 7 (32 or 64 bit). The installer file is 4.28 MB. It runs a validation test to ensure that you are running a properly licensed copy of Windows before proceeding with the installation. If you are, validation is quick and simple.

You should remove other antivirus and antispyware software before installing MSE, and you will be reminded of this at the beginning of the installation. The actual installation took less than a minute on my test machine and after you click Finish, the program will start and check for the latest definitions, as shown in Figure 1.

Figure 1: The entire download and installation process takes only a few minutes

The interface is simple - perhaps a bit too simple for most business users. However, if your business is a small one with no centralized control over the network and users must manage their own AV programs, MSE will be easy enough even for those who are not at all technically savvy. As shown in Figure 2, there are three scan options: quick scan, full scan, and custom scan. You can schedule scans (by default MSE runs a quick scan once a week, on Sunday at 2:00 a.m.) and choose the type.

Figure 2: If you believe "simpler is better," MSE is one of the best

Updates are downloaded automatically, or you can manually update your definitions at any time, as shown in Figure 3.

Figure 3: You can manually update definitions at any time

The History tab allows for some limited filtering. You can select to display all detected items, quarantined items that were disabled and prevented from running (but not removed) or allowed items.

On the settings tab, you can configure the following:

Scheduled scan

Default actions

Real-time protection

Excluded files and locations

Excluded file types

Excluded processes

Advanced settings

Microsoft SpyNet

Your scheduling options are limited. You can choose the type of scan to run (Quick or Full) and set it to run any one day of the week or daily at a specified time. You cannot, however, schedule a scan on Mondays, Wednesdays and Fridays only. Nor can you schedule a quick scan daily and a full scan on the weekend (for example). You can, however, have the scheduled scan start only when the computer is not in use and force a check for the latest definitions before each scan.

Default actions are based on the alert level. MSE recognizes four alert levels: low, medium, high and severe. For each level, you can specify whether to allow, quarantine, remove, or accept MSE's recommended action.

Real-time protection, which alerts you when a program identified as malware attempts to install or run, can be turned on or off. If it's turned on, you can further specify whether to monitor file and program activity and/or scan all downloaded files and attachments.

You can specify files and locations to be excluded when you run a scan, thus speeding up the scan but potentially leaving the computer less protected. You can also exclude specified file types from the scan, if you are sure that a particular file type is safe. For example, you might want to excluded graphics such as .jpg or .tif files. You can further exclude specified processes (executables). It is easy to add these exclusions and just as easy to remove them.

In the Advanced Settings, you have several options that can be enabled or disabled by checking a box:

You can specify whether to scan for malware in archived files such as .zip and .cab files

You can specify whether to scan removable drives, such as USB flash drives

You can specify to create a system restore point before doing any cleanup, so that if something is inadvertently removed that should not have been, you can easily roll back to the previous state

You can select whether all users are allowed to view the full History results (including users who are not administrators)

Finally, you can select your membership level in Microsoft SpyNet. You can choose basic membership, whereby Microsoft will receive basic information about malware that is detected and what actions are applied, or you can choose advanced membership, whereby more information is sent, including the location of the malware on your disk, files names and how the malware affects your computer. The default is basic membership. Note that unlike with some anti-malware programs, you cannot opt out of SpyNet completely. Also note the warning that "in some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or contact you."

What are the advantages for business?

For small businesses, MSE provides basic anti-virus and anti-spyware protection all in one package at no cost. It is easy to install and set up and easy to run. In my experience and according to testing reported by various web sources, it does a decent job of catching malware. PC Advisor's tests showed that it came in with a 97.8 detection rate and did particularly well with proactive tests that measure detection of new, unknown malware.

Another advantage is that it runs very transparently. Unlike some anti-malware solutions, it is not constantly popping up messages. It is easy for individual users to manage on their own computers.

What are the disadvantages for business?

MSE is designed for home users and consequently does not have many of the features that all but the smallest businesses want and need. Its lack of flexibility in setting scanning schedules can be a real drawback, particularly the inability to set separate schedules for daily and full scans. It is often desirable to run a quick scan on a daily basis and a full scan less often. Of course, you can always set it up to run a daily scan and then manually run full scans, but requires a bit more interaction on the part of the user.

The biggest drawback for businesses is that MSE cannot be centrally managed. That means each user will have to set it up or IT personnel will have to set it up on each computer individually, creating a great deal of administrative overhead.

Most anti-malware programs allow you to enable or disable email protection. MSE does not have such an option, and it is unclear whether email files are scanned as part of real-time protection, or only attachments are scanned.

There have been some reports of MSE failing to detect malware in .zip files, even though the option to scan archived files is enabled.

Some companies may also be uncomfortable with the inability to turn off SpyNet, forcing you to allow information to be sent to Microsoft.

Conclusion

Microsoft Security Essentials was designed as a consumer anti-malware solution and is a viable alternative to other freeware AV products. Some small businesses may find that it provides adequate protection for their computers. However, for mid-size and large companies, the lack of centralized management and inflexibility of some of the features make it a less than ideal choice. Microsoft clearly intends Forefront Client Security to be its AV presence in the business world. If your business can't afford or doesn't want to use Forefront, a mid-priced third party commercial AV solution aimed at business may be your best bet.

Post Views: 200

Featured Links

Read Next

Author

Deb Shinder

Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.

Latest Podcast

Featured Freeware

Recommended

Follow Us

Microsoft Security Essentials: Does it have a Place in the Business World?

TECHGENIX

TechGenix reaches millions of IT Professionals every month, and has set the standard for providing free technical content through its growing family of websites, empowering them with the answers and tools that are needed to set up, configure, maintain and enhance their networks.